Telecommunication or other types of computer networks provide for the transmission of information across some distance through terrestrial, wireless or satellite communication networks. Such communications may involve voice, data or multimedia information, among others. Typically, such networks include several servers or other resources from which the content or network services can be supplied to a requesting end user. To communicate or request content from an element of the network (such as an Internet-based or web-based server), a communication session is typically established between a requesting device and a transmitting device. The communication session may include the exchange of information and/or data included in packets that aid the devices in effective communication. For example, a request to access the network may include an Internet Protocol (IP) address of the device transmitting the request (known as the source IP address), as well as a destination address from which the content may be received. In general, IP addresses are utilized by networks and devices to identify particular destinations and devices of networks around the world.
In some instances, however, the source IP address of a communication packet may be spoofed or otherwise falsified to hide the identity of the sending device. For example, a computing device connected to a network may alter a field in a header attached to or otherwise associated with the communication to include a source IP address that is different than the IP address of the sending device or network. Generally, spoofed IP addresses are utilized by a user to attack one or more devices or networks to gain access to or disrupt service from the one or more devices.
In a first example, an attacker spoofs a source IP address to appear to a receiving device as a known or trusted user. This type of spoofing can be used by network intruders to overcome certain network security measures. For example, many networks have internal systems that trust each other so that users can log into a system without a username or password, provided the destination system recognizes and/or trusts the device used to access the system. This trust is typically based on the accessing device's IP address, so a spoofed IP address allows an attacker to appear as a trusted network or device, thereby gaining illegitimate access to the destination network.
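The weakness of address-based trust can be seen from the receiver's side, shown here as an added example that is not part of the original text: the trust decision reads only the source field of the IPv4 header, and the header checksum detects transmission errors rather than proving who sent the packet. The function names, the trusted range `10.0.5.0/24` and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

TRUSTED_NET = ipaddress.ip_network("10.0.5.0/24")  # constructed "internal" range

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_header(src_field: str, dst_field: str) -> bytes:
    """Constructed 20-byte IPv4 header as a receiver would see it on the wire."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src_field).packed,
                      ipaddress.IPv4Address(dst_field).packed)
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def parse_ipv4(header: bytes):
    """Return (source, destination, checksum_ok) from an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    # A valid header sums to 0xFFFF, so the complemented result is 0.
    return src, dst, checksum(header[:ihl]) == 0

def trusted_by_source(header: bytes) -> bool:
    """Address-based trust: the only evidence is a field the sender filled in."""
    src, _dst, checksum_ok = parse_ipv4(header)
    return checksum_ok and src in TRUSTED_NET

if __name__ == "__main__":
    for src in ("10.0.5.20", "203.0.113.7"):
        hdr = sample_header(src, "10.0.9.1")
        print(src, parse_ipv4(hdr)[2], trusted_by_source(hdr))
```

Both sample headers carry a valid checksum, and the decision differs only because of the value in the source field, which is why a system that must not be reached by untrusted hosts needs evidence beyond the address, such as a credential or a check on where the packet entered the network.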
In another example, IP address spoofing is used in distributed denial of service (DDoS) attacks. In a DDoS attack, a target device or network is flooded with requests for data from multiple requesting devices, thereby overwhelming the target. A spoofed IP address aids the attacker in this scenario because the attacker does not care about receiving the requested data, and the attack traffic can appear to come from many different source devices to hide the true source of the attack. Also, it is often difficult to determine which traffic to the target is legitimate and which traffic is utilizing a spoofed IP address during such an attack. Regardless of the motivations behind the use of a spoofed IP address, such techniques may affect the operation and efficiency of a network or networking devices under attack.